/// <summary>
/// Copy constructor: builds a new instance from <paramref name="other"/>.
/// The certificate and private key are obtained through Copy () and the
/// intermediate collection through Clone (), so the references themselves
/// are not shared with <paramref name="other"/>.
/// </summary>
/// <param name="other">Instance to copy; must not be null (it is dereferenced unconditionally).</param>
X509CertificateImplBtls (X509CertificateImplBtls other)
		{
			disallowFallback = other.disallowFallback;

			var sourceCert = other.x509;
			x509 = sourceCert != null ? sourceCert.Copy () : null;

			var sourceKey = other.privateKey;
			privateKey = sourceKey != null ? sourceKey.Copy () : null;

			// intermediateCerts is only assigned when the source has a collection.
			var sourceChain = other.intermediateCerts;
			if (sourceChain != null)
				intermediateCerts = sourceChain.Clone ();
		}
 /// <summary>
 /// Disposes the wrapped x509 object and clears the field so a second call is a no-op.
 /// </summary>
 /// <param name="disposing">Not consulted; the same cleanup runs in either case.</param>
 protected override void Dispose(bool disposing)
 {
     // Only x509 is released here; no other field is touched by this method.
     if (x509 == null)
     {
         return;
     }

     x509.Dispose();
     x509 = null;
 }
        /// <summary>
        /// Adds <paramref name="x509"/> to this store through the native
        /// mono_btls_x509_store_add_cert call and passes the result to CheckError.
        /// </summary>
        /// <param name="x509">Certificate to add; must not be null.</param>
        public void AddCertificate(MonoBtlsX509 x509)
        {
            // NOTE(review): DangerousGetHandle returns raw pointers; if these are
            // SafeHandle-derived (confirm), neither object may be disposed while
            // the native call is running.
            var storePtr = Handle.DangerousGetHandle();
            var certPtr = x509.Handle.DangerousGetHandle();

            var status = mono_btls_x509_store_add_cert(storePtr, certPtr);
            CheckError(status);
        }
		/// <summary>
		/// Copy constructor: duplicates the certificate, the native private key,
		/// the fallback implementation and the intermediate collection of
		/// <paramref name="other"/> via Copy () / Clone () instead of sharing references.
		/// </summary>
		/// <param name="other">Instance to copy; must not be null.</param>
		X509CertificateImplBtls (X509CertificateImplBtls other)
		{
			disallowFallback = other.disallowFallback;

			var sourceCert = other.x509;
			x509 = sourceCert != null ? sourceCert.Copy () : null;

			var sourceKey = other.nativePrivateKey;
			nativePrivateKey = sourceKey != null ? sourceKey.Copy () : null;

			var sourceFallback = other.fallback;
			fallback = sourceFallback != null ? (X509Certificate2Impl)sourceFallback.Clone () : null;

			// intermediateCerts is only assigned when the source has a collection.
			var sourceChain = other.intermediateCerts;
			if (sourceChain != null)
				intermediateCerts = sourceChain.Clone ();
		}
        /// <summary>
        /// Copy constructor: takes Copy() of the certificate and native private key
        /// and Clone() of the intermediate collection from <paramref name="other"/>.
        /// </summary>
        /// <param name="other">Instance to copy; must not be null.</param>
        X509CertificateImplBtls(X509CertificateImplBtls other)
        {
            var sourceCert = other.x509;
            x509 = sourceCert != null ? sourceCert.Copy() : null;

            var sourceKey = other.nativePrivateKey;
            nativePrivateKey = sourceKey != null ? sourceKey.Copy() : null;

            // intermediateCerts is only assigned when the source has a collection.
            var sourceChain = other.intermediateCerts;
            if (sourceChain != null)
            {
                intermediateCerts = sourceChain.Clone();
            }
        }
        /// <summary>
        /// Returns a <see cref="MonoBtlsX509"/> for <paramref name="certificate"/>.
        /// When the certificate is backed by X509CertificateImplBtls the existing
        /// native object is copied; otherwise the raw certificate bytes are parsed as DER.
        /// </summary>
        /// <param name="certificate">Managed certificate; must not be null.</param>
        /// <returns>A new object in both branches; the caller is expected to dispose it.</returns>
        public static MonoBtlsX509 GetBtlsCertificate(X509Certificate certificate)
        {
            var btlsImpl = certificate.Impl as X509CertificateImplBtls;

            if (btlsImpl == null)
            {
                // Not a BTLS-backed certificate: re-parse its DER encoding.
                var der = certificate.GetRawCertData();
                return MonoBtlsX509.LoadFromData(der, MonoBtlsX509Format.DER);
            }

            return btlsImpl.X509.Copy();
        }
        /// <summary>
        /// Copy constructor: copies the fallback flag and takes Copy() of the
        /// certificate and private key and Clone() of the intermediate collection
        /// from <paramref name="other"/>.
        /// </summary>
        /// <param name="other">Instance to copy; must not be null.</param>
        X509CertificateImplBtls(X509CertificateImplBtls other)
        {
            disallowFallback = other.disallowFallback;

            var sourceCert = other.x509;
            x509 = sourceCert != null ? sourceCert.Copy() : null;

            var sourceKey = other.privateKey;
            privateKey = sourceKey != null ? sourceKey.Copy() : null;

            // intermediateCerts is only assigned when the source has a collection.
            var sourceChain = other.intermediateCerts;
            if (sourceChain != null)
            {
                intermediateCerts = sourceChain.Clone();
            }
        }
 /// <summary>
 /// Parses <paramref name="data"/> into the x509 field, choosing the format
 /// from the first byte.
 /// </summary>
 /// <param name="data">Encoded certificate; must not be null.</param>
 void Import(byte[] data)
 {
     // 0x30 is the ASN.1 SEQUENCE tag that opens a DER certificate. Anything
     // else is handed to the PEM parser; empty input falls through to DER.
     // This is only a format sniff: the parser decides whether the bytes are valid.
     var format = MonoBtlsX509Format.DER;
     if (data.Length > 0 && data [0] != 0x30)
     {
         format = MonoBtlsX509Format.PEM;
     }

     x509 = MonoBtlsX509.LoadFromData(data, format);
 }
        /// <summary>
        /// Looks up <paramref name="x509"/> in this CRL through
        /// mono_btls_x509_crl_get_by_cert.
        /// </summary>
        /// <param name="x509">Certificate to look up; must not be null.</param>
        /// <returns>
        /// A wrapper around the native entry, or null when the native call returns a
        /// null pointer. Callers must treat null as "no entry returned", not as proof
        /// of validity on its own.
        /// </returns>
        public MonoBtlsX509Revoked GetByCert(MonoBtlsX509 x509)
        {
            var crlPtr = Handle.DangerousGetHandle();
            var certPtr = x509.Handle.DangerousGetHandle();

            var entry = mono_btls_x509_crl_get_by_cert(crlPtr, certPtr);
            if (entry != IntPtr.Zero)
            {
                var entryHandle = new MonoBtlsX509Revoked.BoringX509RevokedHandle(entry);
                return new MonoBtlsX509Revoked(entryHandle);
            }

            return null;
        }
        /// <summary>
        /// Copy constructor: copies the fallback flag and duplicates the certificate,
        /// native private key, fallback implementation and intermediate collection of
        /// <paramref name="other"/> via Copy() / Clone().
        /// </summary>
        /// <param name="other">Instance to copy; must not be null.</param>
        X509CertificateImplBtls(X509CertificateImplBtls other)
        {
            disallowFallback = other.disallowFallback;

            var sourceCert = other.x509;
            x509 = sourceCert != null ? sourceCert.Copy() : null;

            var sourceKey = other.nativePrivateKey;
            nativePrivateKey = sourceKey != null ? sourceKey.Copy() : null;

            var sourceFallback = other.fallback;
            fallback = sourceFallback != null ? (X509Certificate2Impl)sourceFallback.Clone() : null;

            // intermediateCerts is only assigned when the source has a collection.
            var sourceChain = other.intermediateCerts;
            if (sourceChain != null)
            {
                intermediateCerts = sourceChain.Clone();
            }
        }
        /// <summary>
        /// Compares this certificate with <paramref name="other"/> when both are
        /// BTLS-backed.
        /// </summary>
        /// <param name="other">Implementation to compare against.</param>
        /// <param name="result">
        /// True when MonoBtlsX509.Compare reports 0 for the two native certificates;
        /// false otherwise, including when <paramref name="other"/> is not BTLS-backed.
        /// </param>
        /// <returns>
        /// True when the comparison was performed here; false when
        /// <paramref name="other"/> is null or of a different implementation type.
        /// </returns>
        public override bool Equals(X509CertificateImpl other, out bool result)
        {
            var btlsOther = other as X509CertificateImplBtls;

            if (btlsOther != null)
            {
                result = MonoBtlsX509.Compare(X509, btlsOther.X509) == 0;
                return true;
            }

            result = false;
            return false;
        }
        /// <summary>
        /// Installs <paramref name="x509"/> as this SSL object's certificate through
        /// mono_btls_ssl_use_certificate.
        /// </summary>
        /// <param name="x509">Certificate to use; must not be null.</param>
        /// <remarks>Throws the exception produced by ThrowError() when the native call returns 0 or less.</remarks>
        public void SetCertificate(MonoBtlsX509 x509)
        {
            CheckThrow();

            // NOTE(review): raw handles; both objects must remain undisposed until
            // the native call has returned.
            var sslPtr = Handle.DangerousGetHandle();
            var certPtr = x509.Handle.DangerousGetHandle();

            var status = mono_btls_ssl_use_certificate(sslPtr, certPtr);
            if (status > 0)
            {
                return;
            }

            throw ThrowError();
        }
        /// <summary>
        /// Appends <paramref name="x509"/> to the certificate chain of this SSL object
        /// through mono_btls_ssl_add_chain_certificate.
        /// </summary>
        /// <param name="x509">Intermediate certificate; must not be null.</param>
        /// <remarks>Throws the exception produced by ThrowError() when the native call returns 0 or less.</remarks>
        public void AddIntermediateCertificate(MonoBtlsX509 x509)
        {
            CheckThrow();

            // NOTE(review): raw handles; both objects must remain undisposed until
            // the native call has returned.
            var sslPtr = Handle.DangerousGetHandle();
            var certPtr = x509.Handle.DangerousGetHandle();

            var status = mono_btls_ssl_add_chain_certificate(sslPtr, certPtr);
            if (status > 0)
            {
                return;
            }

            throw ThrowError();
        }
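		/// <summary>
		/// Writes <paramref name="x509"/> as PEM into <paramref name="root"/> under
		/// the name "{subject-hash:x8}.{index}", using the first index that is free.
		/// </summary>
		/// <param name="root">Directory of the new-format trust store.</param>
		/// <param name="x509">Certificate to export; must not be null.</param>
		static void ConvertToNewFormat (string root, MonoBtlsX509 x509)
		{
			long hash = x509.GetSubjectNameHash ();

			string newName;
			FileStream stream = null;
			int index = 0;
			do {
				newName = Path.Combine (root, string.Format ("{0:x8}.{1}", hash, index++));
				try {
					// CreateNew fails instead of truncating when the file already
					// exists, so a file that appears between choosing the name and
					// opening it can never be overwritten (the previous
					// File.Exists + FileMode.Create pair left that window open).
					stream = new FileStream (newName, FileMode.CreateNew);
				} catch (IOException) {
					// Only a name collision moves on to the next index; any other
					// I/O failure is reported to the caller.
					if (!File.Exists (newName))
						throw;
				}
			} while (stream == null);

			using (stream) {
				Console.WriteLine ("  new name: {0}", newName);

				using (var bio = MonoBtlsBio.CreateMonoStream (stream))
					x509.ExportAsPEM (bio, true);
			}
		}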
 /// <summary>
 /// Returns the instance to an empty state: disposes the native certificate and
 /// the native private key, then clears the cached public key and the
 /// intermediate collection.
 /// </summary>
 public override void Reset()
 {
     var cert = x509;
     if (cert != null)
     {
         cert.Dispose();
         x509 = null;
     }

     // The key is disposed explicitly rather than left to finalization.
     var key = nativePrivateKey;
     if (key != null)
     {
         key.Dispose();
         nativePrivateKey = null;
     }

     publicKey = null;
     intermediateCerts = null;
 }
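        /// <summary>
        /// Writes <paramref name="x509"/> as PEM into <paramref name="root"/> under
        /// the name "{subject-hash:x8}.{index}", using the first index that is free.
        /// </summary>
        /// <param name="root">Directory of the new-format trust store.</param>
        /// <param name="x509">Certificate to export; must not be null.</param>
        static void ConvertToNewFormat(string root, MonoBtlsX509 x509)
        {
            long hash = x509.GetSubjectNameHash();

            string newName;
            FileStream stream = null;
            int index = 0;

            do
            {
                newName = Path.Combine(root, string.Format("{0:x8}.{1}", hash, index++));
                try
                {
                    // CreateNew fails instead of truncating when the file already
                    // exists, so a file that appears between choosing the name and
                    // opening it can never be overwritten (the previous
                    // File.Exists + FileMode.Create pair left that window open).
                    stream = new FileStream(newName, FileMode.CreateNew);
                }
                catch (IOException)
                {
                    // Only a name collision moves on to the next index; any other
                    // I/O failure is reported to the caller.
                    if (!File.Exists(newName))
                    {
                        throw;
                    }
                }
            } while (stream == null);

            using (stream)
            {
                Console.WriteLine("  new name: {0}", newName);

                using (var bio = MonoBtlsBio.CreateMonoStream(stream))
                {
                    x509.ExportAsPEM(bio, true);
                }
            }
        }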
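        /// <summary>
        /// Lazily loads every certificate of <c>collection</c> into a fresh native
        /// object, marks it with the configured trust setting and records its
        /// subject-name hash. Does nothing once <c>certificates</c> is populated.
        /// </summary>
        void Initialize()
        {
            if (certificates != null)
            {
                return;
            }

            // Build into locals and publish only after every entry has loaded. The
            // fields double as the "already initialized" marker, so assigning them
            // up front would leave a half-filled array (null entries, zero hashes)
            // permanently in place if one certificate failed to parse.
            int count = collection.Count;
            var loadedHashes = new long [count];
            var loadedCerts = new MonoBtlsX509 [count];
            for (int i = 0; i < count; i++)
            {
                // Create new 'X509 *' instance since we need to modify it to add the
                // trust settings.
                var data = collection [i].GetRawCertData();
                var cert = MonoBtlsX509.LoadFromData(data, MonoBtlsX509Format.DER);
                loadedCerts [i] = cert;
                cert.AddExplicitTrust(trust);
                loadedHashes [i] = cert.GetSubjectNameHash();
            }

            hashes = loadedHashes;
            certificates = loadedCerts;
        }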
        /// <summary>
        /// Lookup callback: registers every loaded certificate whose subject-name
        /// hash equals the hash of <paramref name="name"/> via AddCertificate.
        /// </summary>
        /// <param name="name">Subject name being looked up.</param>
        /// <returns>The last matching certificate, or null when none matched.</returns>
        protected override MonoBtlsX509 OnGetBySubject(MonoBtlsX509Name name)
        {
            Initialize();

            var wanted = name.GetHash();
            MonoBtlsX509 lastMatch = null;

            // Matching is by hash only; the full name is not compared here.
            for (int slot = 0; slot < certificates.Length; slot++)
            {
                if (hashes [slot] == wanted)
                {
                    lastMatch = certificates [slot];
                    AddCertificate(lastMatch);
                }
            }

            return lastMatch;
        }
        /// <summary>
        /// Lookup callback: registers every loaded certificate whose subject-name
        /// hash equals the hash of <paramref name="name"/> via AddCertificate.
        /// </summary>
        /// <param name="name">Subject name being looked up.</param>
        /// <returns>The last matching certificate, or null when none matched.</returns>
        protected override MonoBtlsX509 OnGetBySubject(MonoBtlsX509Name name)
        {
            // NOTE(review): unconditional console trace of every looked-up subject;
            // looks like leftover debugging output.
            Console.WriteLine("COLLECTION LOOKUP: {0:x} - {1}", name.GetHash(), name.GetString());
            Initialize();

            var wanted = name.GetHash();
            MonoBtlsX509 lastMatch = null;

            // Matching is by hash only; the full name is not compared here.
            for (int slot = 0; slot < certificates.Length; slot++)
            {
                if (hashes [slot] == wanted)
                {
                    lastMatch = certificates [slot];
                    AddCertificate(lastMatch);
                }
            }

            return lastMatch;
        }
        /// <summary>
        /// Loads a PKCS#12 blob into this instance: entry 0 becomes the certificate,
        /// the private key is taken when one is present, and every other entry that
        /// differs from the certificate is stored as an intermediate.
        /// </summary>
        /// <param name="data">PKCS#12 encoded bytes.</param>
        /// <param name="password">Password handle; null or invalid means "no password supplied".</param>
        void ImportPkcs12(byte[] data, SafePasswordHandle password)
        {
            using (var pkcs12 = new MonoBtlsPkcs12()) {
                if (password == null || password.IsInvalid)
                {
                    try {
                        // Support both unencrypted PKCS#12..
                        pkcs12.Import(data, null);
                    } catch {
                        // ..and PKCS#12 encrypted with an empty password.
                        // NOTE(review): the bare catch also hides unrelated failures of the
                        // first attempt; only the error of this retry reaches the caller.
                        using (var empty = new SafePasswordHandle(string.Empty))
                            pkcs12.Import(data, empty);
                    }
                }
                else
                {
                    pkcs12.Import(data, password);
                }

                // Entry 0 is taken as the certificate without checking Count first.
                x509 = pkcs12.GetCertificate(0);
                if (pkcs12.HasPrivateKey)
                {
                    nativePrivateKey = pkcs12.GetPrivateKey();
                }
                if (pkcs12.Count > 1)
                {
                    intermediateCerts = new X509CertificateImplCollection();
                    for (int i = 0; i < pkcs12.Count; i++)
                    {
                        // 'ic' is disposed at the end of each iteration; presumably the
                        // X509CertificateImplBtls constructor keeps its own copy (confirm).
                        using (var ic = pkcs12.GetCertificate(i)) {
                            // Skip the entry that is the certificate itself.
                            if (MonoBtlsX509.Compare(ic, x509) == 0)
                            {
                                continue;
                            }
                            var impl = new X509CertificateImplBtls(ic);
                            intermediateCerts.Add(impl, true);
                        }
                    }
                }
            }
        }
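 /// <summary>
 /// Returns the instance to an empty state: disposes the native certificate and
 /// the native private key, clears the cached names, archived flag, public key
 /// and intermediate collection, and resets the fallback implementation if any.
 /// </summary>
 public override void Reset()
 {
     if (x509 != null)
     {
         x509.Dispose();
         x509 = null;
     }
     if (nativePrivateKey != null)
     {
         // Release the native key deterministically, like x509 above. Dropping
         // the reference alone left the key material alive until finalization.
         nativePrivateKey.Dispose();
         nativePrivateKey = null;
     }
     subjectName       = null;
     issuerName        = null;
     archived          = false;
     publicKey         = null;
     intermediateCerts = null;
     if (fallback != null)
     {
         fallback.Reset();
     }
 }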
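        /// <summary>
        /// Converts the old per-user trust store (*.cer files under
        /// ApplicationData/.mono/certs/Trust) into the BTLS user trusted-roots store.
        /// Exits with code 255 when BTLS is unsupported or the old store is missing.
        /// </summary>
        /// <param name="args">Unused.</param>
        static void Main(string[] args)
        {
            if (!MonoBtlsProvider.IsSupported())
            {
                Console.Error.WriteLine("BTLS is not supported in this runtime!");
                Environment.Exit(255);
            }

            var configPath = Environment.GetFolderPath(Environment.SpecialFolder.ApplicationData);

            configPath = Path.Combine(configPath, ".mono");

            var oldStorePath = Path.Combine(configPath, "certs", "Trust");
            var newStorePath = MonoBtlsX509StoreManager.GetStorePath(MonoBtlsX509StoreType.UserTrustedRoots);

            if (!Directory.Exists(oldStorePath))
            {
                // The format string had no argument, so the literal "{0}" was printed.
                Console.WriteLine("Old trust store {0} does not exist.", oldStorePath);
                Environment.Exit(255);
            }

            // The existing new-format store is deleted recursively before conversion,
            // so the result contains exactly the certificates found in the old store.
            if (Directory.Exists(newStorePath))
            {
                Directory.Delete(newStorePath, true);
            }
            Directory.CreateDirectory(newStorePath);

            var oldfiles = Directory.GetFiles(oldStorePath, "*.cer");

            Console.WriteLine("Found {0} files in the old store.", oldfiles.Length);

            // Every *.cer file is parsed as DER and re-exported into the trusted-roots
            // store; the conversion applies no check of its own to the contents.
            foreach (var file in oldfiles)
            {
                Console.WriteLine("Converting {0}.", file);
                var data = File.ReadAllBytes(file);
                using (var x509 = MonoBtlsX509.LoadFromData(data, MonoBtlsX509Format.DER)) {
                    ConvertToNewFormat(newStorePath, x509);
                }
            }
        }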
        /// <summary>
        /// Configures the SSL object with the certificate and native private key of
        /// <paramref name="privateCert"/> and adds the intermediates to send with it.
        /// When the certificate carries no intermediate collection, a chain is built
        /// to recover them.
        /// </summary>
        /// <param name="privateCert">Certificate with private key; must not be null.</param>
        void SetPrivateCertificate(X509CertificateImplBtls privateCert)
        {
            Debug("SetPrivateCertificate: {0}", privateCert);
            ssl.SetCertificate(privateCert.X509);
            ssl.SetPrivateKey(privateCert.NativePrivateKey);
            var intermediate = privateCert.IntermediateCertificates;

            if (intermediate == null)
            {
                /* Intermediate certificates are lost in the translation from X509Certificate(2) to X509CertificateImplBtls, so we need to restore them somehow. */
                // NOTE(review): neither the chain nor the temporary X509Certificate2
                // built below is disposed in this method.
                var chain = new System.Security.Cryptography.X509Certificates.X509Chain(false);
                /* Let's try to recover as many as we can. */
                // Revocation is not consulted and the result of Build() is ignored: the
                // chain only collects candidate intermediates and is not a trust decision.
                chain.ChainPolicy.RevocationMode = System.Security.Cryptography.X509Certificates.X509RevocationMode.NoCheck;
                chain.Build(new System.Security.Cryptography.X509Certificates.X509Certificate2(privateCert.X509.GetRawData(MonoBtlsX509Format.DER), ""));
                var elems = chain.ChainElements;
                // Element 0 is the certificate itself, so the walk starts at 1.
                for (int j = 1; j < elems.Count; j++)
                {
                    var cert = elems[j].Certificate;
                    /* If self-signed, it's a root and should not be sent. */
                    // "Self-signed" is decided by comparing the encoded subject and issuer
                    // names only; no signature is checked here.
                    if (cert.SubjectName.RawData.SequenceEqual(cert.IssuerName.RawData))
                    {
                        break;
                    }
                    // NOTE(review): the object returned by LoadFromData is not disposed here;
                    // whether the SSL object keeps its own reference is not visible — confirm.
                    ssl.AddIntermediateCertificate(MonoBtlsX509.LoadFromData(cert.RawData, MonoBtlsX509Format.DER));
                }
            }
            else
            {
                // Intermediates supplied with the certificate are added in collection order.
                for (int i = 0; i < intermediate.Count; i++)
                {
                    var impl = (X509CertificateImplBtls)intermediate [i];
                    Debug("SetPrivateCertificate - add intermediate: {0}", impl);
                    ssl.AddIntermediateCertificate(impl.X509);
                }
            }
        }
        /// <summary>
        /// Lookup callback: searches the Root store at <c>Location</c> for a
        /// certificate whose subject distinguished name equals <paramref name="name"/>.
        /// </summary>
        /// <param name="name">Subject name being looked up.</param>
        /// <returns>
        /// The first match parsed from its DER bytes, or null when the store cannot be
        /// opened or holds no match.
        /// </returns>
        protected override MonoBtlsX509 OnGetBySubject(MonoBtlsX509Name name)
        {
            var subject = new X500DistinguishedName(name.GetRawData(false));

            using (var rootStore = new X509Store(StoreName.Root, Location))
            {
                try
                {
                    rootStore.Open(OpenFlags.ReadOnly | OpenFlags.OpenExistingOnly);
                }
                catch (CryptographicException)
                {
                    // A store that cannot be opened is treated as "not found".
                    return null;
                }

                // validOnly is false, so Find() does not filter out certificates
                // the store itself would consider invalid.
                var candidates = rootStore.Certificates.Find(X509FindType.FindBySubjectDistinguishedName, subject.Name, false);
                if (candidates.Count < 1)
                {
                    return null;
                }

                // FIXME: Which one to use if more than 1 match?
                var der = candidates[0].RawData;
                return MonoBtlsX509.LoadFromData(der, MonoBtlsX509Format.DER);
            }
        }
 /// <summary>
 /// Forwards <paramref name="certificate"/> to the underlying lookup object.
 /// </summary>
 /// <param name="certificate">Certificate to register with the lookup.</param>
 protected void AddCertificate(MonoBtlsX509 certificate)
 {
     var target = lookup;
     target.AddCertificate(certificate);
 }
 /// <summary>
 /// Wraps a Copy() of <paramref name="x509"/>; the caller keeps ownership of
 /// the object it passed in.
 /// </summary>
 /// <param name="x509">Native certificate to copy; must not be null.</param>
 /// <param name="disallowFallback">Stored as-is in the disallowFallback field.</param>
 internal X509CertificateImplBtls(MonoBtlsX509 x509, bool disallowFallback = false)
 {
     var ownCopy = x509.Copy();

     this.x509 = ownCopy;
     this.disallowFallback = disallowFallback;
 }
		/// <summary>
		/// Returns the hash of the subject name of <paramref name="x509"/>.
		/// </summary>
		/// <param name="x509">Certificate to inspect; must not be null.</param>
		/// <returns>The value reported by GetHash () on the subject name.</returns>
		internal static long GetSubjectNameHash (MonoBtlsX509 x509)
		{
			// The temporary name object is disposed before returning.
			using (var subjectName = x509.GetSubjectName ()) {
				var hash = subjectName.GetHash ();
				return hash;
			}
		}
 /// <summary>
 /// Parses <paramref name="data"/> in the given <paramref name="format"/> and
 /// wraps the resulting native certificate.
 /// </summary>
 /// <param name="data">Encoded certificate bytes.</param>
 /// <param name="format">Encoding of <paramref name="data"/>.</param>
 internal X509CertificateImplBtls(byte[] data, MonoBtlsX509Format format)
 {
     var parsed = MonoBtlsX509.LoadFromData(data, format);
     x509 = parsed;
 }
		/// <summary>
		/// Appends <paramref name="x509"/> to the certificate chain of this SSL object
		/// through mono_btls_ssl_add_chain_certificate.
		/// </summary>
		/// <param name="x509">Intermediate certificate; must not be null.</param>
		/// <remarks>Throws the exception produced by ThrowError () when the native call returns 0 or less.</remarks>
		public void AddIntermediateCertificate (MonoBtlsX509 x509)
		{
			CheckThrow ();

			// NOTE(review): raw handles; both objects must remain undisposed until
			// the native call has returned.
			var sslPtr = Handle.DangerousGetHandle ();
			var certPtr = x509.Handle.DangerousGetHandle ();

			var status = mono_btls_ssl_add_chain_certificate (sslPtr, certPtr);
			if (status > 0)
				return;

			throw ThrowError ();
		}
 /// <summary>
 /// Adds <paramref name="x509"/> to this PKCS#12 object through
 /// mono_btls_pkcs12_add_cert.
 /// </summary>
 /// <param name="x509">Certificate to add; must not be null.</param>
 public void AddCertificate(MonoBtlsX509 x509)
 {
     var pkcs12Ptr = Handle.DangerousGetHandle();
     var certPtr = x509.Handle.DangerousGetHandle();

     // NOTE(review): whatever the native call reports is not inspected here.
     mono_btls_pkcs12_add_cert(pkcs12Ptr, certPtr);
 }
 /// <summary>
 /// Wraps a Copy() of <paramref name="x509"/>; the caller keeps ownership of
 /// the object it passed in.
 /// </summary>
 /// <param name="x509">Native certificate to copy; must not be null.</param>
 internal X509CertificateImplBtls(MonoBtlsX509 x509)
 {
     var ownCopy = x509.Copy();
     this.x509 = ownCopy;
 }
 /// <summary>
 /// Forwards <paramref name="certificate"/> to the underlying store object.
 /// </summary>
 /// <param name="certificate">Certificate to add to the store.</param>
 internal void AddCertificate(MonoBtlsX509 certificate)
 {
     var target = store;
     target.AddCertificate(certificate);
 }
		/// <summary>
		/// Disposes the wrapped x509 object and clears the field so a second call is a no-op.
		/// </summary>
		/// <param name="disposing">Not consulted; the same cleanup runs in either case.</param>
		protected override void Dispose (bool disposing)
		{
			// Only x509 is released here; no other field is touched by this method.
			if (x509 == null)
				return;

			x509.Dispose ();
			x509 = null;
		}
		/// <summary>
		/// Parses <paramref name="data"/> in the given <paramref name="format"/> and
		/// wraps the resulting native certificate.
		/// </summary>
		/// <param name="data">Encoded certificate bytes.</param>
		/// <param name="format">Encoding of <paramref name="data"/>.</param>
		/// <param name="disallowFallback">Stored as-is in the disallowFallback field.</param>
		internal X509CertificateImplBtls (byte[] data, MonoBtlsX509Format format, bool disallowFallback = false)
		{
			this.disallowFallback = disallowFallback;

			var parsed = MonoBtlsX509.LoadFromData (data, format);
			x509 = parsed;
		}
		/// <summary>
		/// Parses <paramref name="data"/> into the x509 field, choosing the format
		/// from the first byte.
		/// </summary>
		/// <param name="data">Encoded certificate; must not be null.</param>
		void Import (byte[] data)
		{
			// 0x30 is the ASN.1 SEQUENCE tag that opens a DER certificate. Anything
			// else is handed to the PEM parser; empty input falls through to DER.
			// This is only a format sniff: the parser decides whether the bytes are valid.
			bool looksLikePem = data.Length > 0 && data [0] != 0x30;
			var format = looksLikePem ? MonoBtlsX509Format.PEM : MonoBtlsX509Format.DER;

			x509 = MonoBtlsX509.LoadFromData (data, format);
		}
		/// <summary>
		/// Wraps a Copy () of <paramref name="x509"/>; the caller keeps ownership of
		/// the object it passed in.
		/// </summary>
		/// <param name="x509">Native certificate to copy; must not be null.</param>
		/// <param name="disallowFallback">Stored as-is in the disallowFallback field.</param>
		internal X509CertificateImplBtls (MonoBtlsX509 x509, bool disallowFallback = false)
		{
			var ownCopy = x509.Copy ();

			this.x509 = ownCopy;
			this.disallowFallback = disallowFallback;
		}
		/// <summary>
		/// Looks up <paramref name="x509"/> in this CRL through
		/// mono_btls_x509_crl_get_by_cert.
		/// </summary>
		/// <param name="x509">Certificate to look up; must not be null.</param>
		/// <returns>
		/// A wrapper around the native entry, or null when the native call returns a
		/// null pointer. Callers must treat null as "no entry returned", not as proof
		/// of validity on its own.
		/// </returns>
		public MonoBtlsX509Revoked GetByCert (MonoBtlsX509 x509)
		{
			var crlPtr = Handle.DangerousGetHandle ();
			var certPtr = x509.Handle.DangerousGetHandle ();

			var entry = mono_btls_x509_crl_get_by_cert (crlPtr, certPtr);
			if (entry != IntPtr.Zero) {
				var entryHandle = new MonoBtlsX509Revoked.BoringX509RevokedHandle (entry);
				return new MonoBtlsX509Revoked (entryHandle);
			}

			return null;
		}
		/// <summary>
		/// Creates a managed <see cref="X509Certificate"/> backed by a BTLS
		/// implementation of <paramref name="x509"/>, with fallback disallowed.
		/// </summary>
		/// <param name="x509">Native certificate; must not be null.</param>
		/// <returns>The new managed certificate.</returns>
		public static X509Certificate CreateCertificate (MonoBtlsX509 x509)
		{
			// The temporary impl is disposed on exit; presumably the
			// X509Certificate constructor keeps its own copy (confirm).
			using (var impl = new X509CertificateImplBtls (x509, true)) {
				var managed = new X509Certificate (impl);
				return managed;
			}
		}
		/// <summary>
		/// Adds <paramref name="x509"/> to this store through the native
		/// mono_btls_x509_store_add_cert call and passes the result to CheckError.
		/// </summary>
		/// <param name="x509">Certificate to add; must not be null.</param>
		public void AddCertificate (MonoBtlsX509 x509)
		{
			// NOTE(review): raw handles; both objects must remain undisposed until
			// the native call has returned.
			var storePtr = Handle.DangerousGetHandle ();
			var certPtr = x509.Handle.DangerousGetHandle ();

			var status = mono_btls_x509_store_add_cert (storePtr, certPtr);
			CheckError (status);
		}
 /// <summary>
 /// Compares two native certificates through mono_btls_x509_cmp.
 /// </summary>
 /// <param name="a">First certificate; must not be null.</param>
 /// <param name="b">Second certificate; must not be null.</param>
 /// <returns>The native comparison result; callers in this code treat 0 as "equal".</returns>
 public static int Compare(MonoBtlsX509 a, MonoBtlsX509 b)
 {
     var left = a.Handle.DangerousGetHandle();
     var right = b.Handle.DangerousGetHandle();

     return mono_btls_x509_cmp(left, right);
 }
		/// <summary>
		/// Writes <paramref name="x509"/> to <paramref name="stream"/> in PEM form
		/// through a temporary BIO wrapper around the stream.
		/// </summary>
		/// <param name="x509">Certificate to export; must not be null.</param>
		/// <param name="stream">Destination stream.</param>
		/// <param name="includeHumanReadableForm">Passed through to the certificate's ExportAsPEM.</param>
		internal static void ExportAsPEM (MonoBtlsX509 x509, Stream stream, bool includeHumanReadableForm)
		{
			// The BIO wrapper is disposed once the export has finished.
			using (var pemBio = MonoBtlsBio.CreateMonoStream (stream))
				x509.ExportAsPEM (pemBio, includeHumanReadableForm);
		}
		/// <summary>
		/// Compares two native certificates through mono_btls_x509_cmp.
		/// </summary>
		/// <param name="a">First certificate; must not be null.</param>
		/// <param name="b">Second certificate; must not be null.</param>
		/// <returns>The native comparison result; callers in this code treat 0 as "equal".</returns>
		public static int Compare (MonoBtlsX509 a, MonoBtlsX509 b)
		{
			var left = a.Handle.DangerousGetHandle ();
			var right = b.Handle.DangerousGetHandle ();

			return mono_btls_x509_cmp (left, right);
		}
		/// <summary>
		/// Installs <paramref name="x509"/> as this SSL object's certificate through
		/// mono_btls_ssl_use_certificate.
		/// </summary>
		/// <param name="x509">Certificate to use; must not be null.</param>
		/// <remarks>Throws the exception produced by ThrowError () when the native call returns 0 or less.</remarks>
		public void SetCertificate (MonoBtlsX509 x509)
		{
			CheckThrow ();

			// NOTE(review): raw handles; both objects must remain undisposed until
			// the native call has returned.
			var sslPtr = Handle.DangerousGetHandle ();
			var certPtr = x509.Handle.DangerousGetHandle ();

			var status = mono_btls_ssl_use_certificate (sslPtr, certPtr);
			if (status > 0)
				return;

			throw ThrowError ();
		}
 /// <summary>
 /// Creates a managed <see cref="X509Certificate"/> backed by a BTLS
 /// implementation of <paramref name="x509"/>.
 /// </summary>
 /// <param name="x509">Native certificate; must not be null.</param>
 /// <returns>The new managed certificate.</returns>
 public static X509Certificate CreateCertificate(MonoBtlsX509 x509)
 {
     // The temporary impl is disposed on exit; presumably the
     // X509Certificate constructor keeps its own copy (confirm).
     using (var impl = new X509CertificateImplBtls(x509))
     {
         var managed = new X509Certificate(impl);
         return managed;
     }
 }
		/// <summary>
		/// Adds <paramref name="x509"/> to this PKCS#12 object through
		/// mono_btls_pkcs12_add_cert.
		/// </summary>
		/// <param name="x509">Certificate to add; must not be null.</param>
		public void AddCertificate (MonoBtlsX509 x509)
		{
			var pkcs12Ptr = Handle.DangerousGetHandle ();
			var certPtr = x509.Handle.DangerousGetHandle ();

			// NOTE(review): whatever the native call reports is not inspected here.
			mono_btls_pkcs12_add_cert (pkcs12Ptr, certPtr);
		}
 /// <summary>
 /// Parses <paramref name="data"/> in the given <paramref name="format"/> and
 /// wraps the resulting native certificate.
 /// </summary>
 /// <param name="data">Encoded certificate bytes.</param>
 /// <param name="format">Encoding of <paramref name="data"/>.</param>
 /// <param name="disallowFallback">Stored as-is in the disallowFallback field.</param>
 internal X509CertificateImplBtls(byte[] data, MonoBtlsX509Format format, bool disallowFallback = false)
 {
     this.disallowFallback = disallowFallback;

     var parsed = MonoBtlsX509.LoadFromData(data, format);
     x509 = parsed;
 }
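		/// <summary>
		/// Returns the instance to an empty state: disposes the native certificate and
		/// the native private key, clears the cached names, archived flag, public key
		/// and intermediate collection, and resets the fallback implementation if any.
		/// </summary>
		public override void Reset ()
		{
			if (x509 != null) {
				x509.Dispose ();
				x509 = null;
			}
			if (nativePrivateKey != null) {
				// Release the native key deterministically, like x509 above. Dropping
				// the reference alone left the key material alive until finalization.
				nativePrivateKey.Dispose ();
				nativePrivateKey = null;
			}
			subjectName = null;
			issuerName = null;
			archived = false;
			publicKey = null;
			intermediateCerts = null;
			if (fallback != null)
				fallback.Reset ();
		}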
		/// <summary>
		/// Loads a PKCS#12 blob into this instance: entry 0 becomes the certificate,
		/// the private key is taken when one is present, and every other entry that
		/// differs from the certificate is stored as an intermediate.
		/// </summary>
		/// <param name="data">PKCS#12 encoded bytes.</param>
		/// <param name="password">Password; null or empty means "no password supplied".</param>
		void ImportPkcs12 (byte[] data, string password)
		{
			using (var container = new MonoBtlsPkcs12 ()) {
				if (!string.IsNullOrEmpty (password)) {
					container.Import (data, password);
				} else {
					try {
						// First attempt: treat the blob as unencrypted.
						container.Import (data, null);
					} catch {
						// Second attempt: encrypted with an empty password.
						// NOTE(review): the bare catch also hides unrelated failures of the
						// first attempt; only the error of this retry reaches the caller.
						container.Import (data, string.Empty);
					}
				}

				// Entry 0 is taken as the certificate without checking Count first.
				x509 = container.GetCertificate (0);
				if (container.HasPrivateKey)
					nativePrivateKey = container.GetPrivateKey ();

				if (container.Count > 1) {
					intermediateCerts = new X509CertificateImplCollection ();
					for (int entry = 0; entry < container.Count; entry++) {
						// Each entry is disposed at the end of its iteration; the impl
						// constructed from it presumably keeps its own copy (confirm).
						using (var candidate = container.GetCertificate (entry)) {
							// Everything except the certificate itself is an intermediate.
							if (MonoBtlsX509.Compare (candidate, x509) != 0) {
								var impl = new X509CertificateImplBtls (candidate, true);
								intermediateCerts.Add (impl, true);
							}
						}
					}
				}
			}
		}